Ports Open

[renakuajo]

i unisnstall za pro a week or two ago but it doesnt matter if i have the settingd in maximum level cause it still shows the same ports open

[XPerties]

What ports are open? That should have been the first question asked to avoid all the troubleshooting.

-XPerties

[renakuajo]

ftp and telnet

[XPerties]

number please....FTP doesnt mean anything. The basic is 21 but you can use FTP on any port. What are the ports numbers?

-Xperties

[renakuajo]

sorry:D

21 & 23

[XPerties]

Go start/all programs/accessories/command prompt...type in [b:cea967423c]netstat[/b:cea967423c].........What programs are using those ports?

-XPerties

[renakuajo]

i just run it........not quite sure...........for what i can see it only shows my internet connection just thgat

[dracman]

You can try looking under - Admin Tools/Services and disabling them under the Services Area.

[renakuajo]

nope!!! i already try that i dont have ftp and telnet is disable

[XxMaNsOnX]

What do you mean by 'open'? By definition, Open means there is an application that has bind()'ed itself to the port. But some port scanners may say 'Open' and mean that it isn't being blocked in some way. This would happen if it gets any response from the SYN packet, regardless if it's a SYN/ACK (Open) or a RST packet (Port is closed) or an ICMP PORT_UNREACHABLE message (Closed, or possibly blocked at a router/firewall, or just a s***ty TCP/IP stack). No response at all means either the host is down (in which a router should hopefully send an ICMP DEST_UNREACHABLE message) or it is being blocked by a router/firewall, or by the target itself (Software firewall)

It may be that your network administrator or ISP is doing some redirrection, or it could be any number of things.

So here is what you do. If your using WinXP, your in luck, it has a decent unix-style telnet client.

Open a DOS prompt and type:

telnet localhost 21

If it connects, something is actually running locally. Perhaps a trojan or virus or just an FTP daemon someone installed.

Do the same thing for the telnet port:

telnet localhost 23

If the port is in fact closed on your machine, you should get something like:

Connecting To localhost...Could not open connection to the host, on port 21.

No connection could be made because the target machine actively refused it.

If it is closed on your machine, then your network admin/ISP is the culprit, and then there is nothing you can do other than talk to them.

If you need more help, private message me and I'll give assistance as needed.

And by the way, for the thread, any software firewall is good as a last line of defense, but nothing beats a well configured hardware based firewall. Check out OpenBSD (http://www.openbsd.org), which is probably the best OS to use as a firewall. With bridge/filtering support, you can make a firewall that is completely inaccessible except at the ethernet level.. This makes the best security around. But then that would require a whole other thread for discussion

[renakuajo]

XxMaNsOnX

man, thanks!!!!!

finally i get it, is my ISP; is doing some redirrection.......well thanks my pc is safe......i guess:D

[FthrJACK]

i just read through this and i was thinking "proxy" all the way through.. lol at least you solved it

[renakuajo]

1 more thing: could that be the reason i cant received files transfer via ICQ, trillian and win mesenger????:wail:

[Aaron]

I know that I can't send files through MSN or IRC through NAT software (ICS, Wingate, whatever)

[XxMaNsOnX]

If using NAT, then you need to do tricks to use a protocol which requires you receving a connection.

Basically, NAT works when you send a packet (Either starting a TCP connection (SYN packet) or an arbitrary UDP packet.) it records it, then mangles it to change the source address to whatever IP address you have assigned for the NAT router. It also changes the source IP to one not used on the NAT router, and one usually very high. When it receives a response, it looks at the destination port, and then matches that to a table which then mangles it back to put the destination IP of the sending computer, and also changes the destination port back. That is how you start a connection through a NAT router.

Now, many things require you to be the one LISTENING for the connection. Most likely, (though I don't know the MSN protocol) it makes the person receiving the file listen for a connection. Well, your computer binds to the port and all is good, but when the sender tries to send a file, the NAT router has never heard of that connection before. It's not in the table, it doesn't know where to go, so it drops the packet and most likely sends some form of error back.

To be able to receive files depends on what type of router you're using for NAT. If you're using a linksys type router, you're out of luck. If you're using Linux though, you will be glad to know there are many NAT modules for working with many protocols. The way they work is they listen to the protocol, and find out what port you will be listening to. They then add that to the table, so when the sender sends the packet, it forwards them on to you. It's actually much more advanced than this, but this is the basics. Such modules exist (from memory) for IRC DCC, Quake, FTP, and many others. The thing is, it has to KNOW about the protocol to be able to do this.

Luckily, writing one of these modules isn't too difficult, though that would require another thread

Otherwise, to actually RECEIVE connections, you can't be using NAT, and need multiple IP addresses, or a small subnet. Well, unless the port in which it receives connections is constant, then you can just add some forwarding rules. And to do that I believe even a cheap ol Linksys can do it.

Hope that helps.